DDoS attacks against banks raise question: Is this cyberwar?

Network World | Security, cybersecurity

Hayes notes that Iran last May had its own banking system disconnected from the global SWIFT financial transaction network as a sanction regarding its aspirations. Along with other international sanctions, "this is crippling their economy," Hayes said, adding he doubts the government would speak so directly about Iran if it didn't have some kind of intelligence.

Avivah Litan, a Gartner analyst specializing in security used in e-commerce and the financial industry, says the string of attacks does appear to have its origins in the Middle East, where the tumult of cyber-conflict is ongoing.

Litan says her sources have examined attack code used against the U.S. banks and regard it as the same code used against Israeli targets, such as the Tel Aviv Stock Exchange and the El Al Airline website, back in January. That round of DDoS attacks last January was endorsed by the group Hamas, which is widely believed to be funded by Iran.

At least some of these DDoS attacks against Israeli targets arose from networks in Saudi Arabia, and retaliation from Israeli hackers calling themselves IDF-TEAM ended up going after targets such as the Saudi Stock Exchange and the Abu Dhabi Securities Exchange, according to reports from the Israeli news organization Haaretz.com. Saudi Arabia this year has suddenly become a center of attention in other ways, too.

In August, Saudi Arabia's national energy company, Saudi Aramco, had to fend off a targeted malware attack against its enterprise systems, repairing 30,000 workstations that were infected with a malicious virus dubbed Shamoon that wiped out data content. A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attack. A similar malware attack hit RasGas of Qatar.

To top it off, Saudi Arabia suddenly came out of nowhere to become the top spam-sending country in the world this year, according to a Trend Micro report this week. However, since DDoS attacks and spam distribution are often carried out by exploiting compromised computers, it's not necessarily clear who is actually behind an attack.

"Iranians have done conflict by proxy very effectively for 30 years, so adding cyberattacks into it isn't surprising," says Chris Bronk, professor in information technology policy at Rice University.

The sanctions against Iran, such as the SWIFT banking network cut-off, mean the country "is squeezed at this point." Does this all add up to cyberwar? Bronk says so far this has been a murky conflict falling far short of any call for bombs and invasions.

Originally published on Network World.